Born To Be Wild

Author: admin

  • Safety blindspots: Decision-making in a mining incident response

    Safety blindspots: Decision-making in a mining incident response

    Mining companies in Australia are only too aware of the inherent risks in their industry – when something goes wrong, seconds count in often life-threatening scenarios. With rigorous safety systems and processes, companies also typically employ highly experienced emergency and incident response personnel who are well-rehearsed and trained to respond to a variety of surface and underground emergencies. Safety is drilled in to personnel at pre-start and toolbox meetings, and any incident, no matter how small, must be reported and investigated.

    With such safety measures, the fatality rate in the mining industry has decreased by 65% over the past decade. But with an average of 9 workers dying each year, mining still has one of the highest rates of fatalities of any industry (Safe Work Australia). Apart from catastrophic equipment failure, severe injury and deaths on mine sites usually occur when safe work practices have either been ignored or have not been put in place.

    Who is ultimately responsible for safety?

    While all personnel are responsible for safety, it is ultimately the Site Senior Executive or Senior Mining Manager who hold the legal responsibility for the actions of the business. ‘Mining companies need to be aware of safety “blind spots”,’ says Nick Rutten, Senior Manager with RiskLogic’s resilience team. ‘With the best trained safety response team, and modern electronic communication tools, there is a risk that mine management will be lulled into a sense of complacency that the situation is under control.’

    Timely communications from the emergency or incident management response team to site management and senior management teams is critical for sound decision making. ‘The information also needs to be received in a predictable way, using terminology that is familiar to everyone in the organisation,’ says Nick Rutten. ‘For sound business decision making, uniform processes also need to be in place, regardless of the specific site experiencing the emergency. Following accurate assessment of the severity of the situation, there needs to be a clear escalation process through site management to senior leadership. Post incident, there needs to be a review and sharing across the business of lessons learnt.’

    The safety of workers in a mining environment depends upon many interrelated factors, including knowledge of the dynamic, the ever-changing environment, the ability to recognise and respond to hazards, training, experience, and communication. No matter how rigorous the emergency or incident response plan, companies must address potential safety blind spots and be ever vigilant for complacency or communication blocks between the incident response and management teams.

    For help with incident management for your organisation, contact RiskLogic today on 1300 731 138.

  • Bushfire haze an emerging threat to Business Continuity

    Bushfire haze an emerging threat to Business Continuity

    Australia is no stranger to bushfires, but November saw the worst series of bushfire events occur across multiple states, with many still burning. The impact of those directly affected individuals, communities and the environment has been enormous – with loss of life, hundreds of homes, livestock and livelihoods. Yet, the depth and breadth of these fires extends far greater, with the impact being felt by many people and businesses located far from the fires.

    How has the bushfire haze threatened businesses and why do we need to consider business continuity?

    Several fires have impacted the farming communities with significant loss of animal stock and crops, as well as feed stocks, resulting in decreased supply, increased prices and loss of jobs locally and further along the supply chain.

    While not all areas were primarily impacted by fire, the recent declaration of catastrophic conditions saw the closure of more than 600 schools in New South Wales and Queensland, and 100 in South Australia. This led to reduced staff across other local businesses as parents managed childcare arrangements, with others activated across several community and volunteer service agencies – leading to a real threat in an organisation’s business continuity.

    Air quality at hazardous levels

    Images of the resulting smoke haze has been streamed across the globe. Our highly regarded clean, fresh air now rank 12 times above hazardous levels. For Sydney, it’s the worst air quality index (AQI) ever experienced. This has had obvious health impacts such as increased breathing-related problems with health authorities urging people to stay indoors and restrict outdoor activities –  including outdoor occupations. Some businesses have seen a significant increase in sick leave, have been forced to reduce opening hours or been unable to continue outdoor operations.

    In addition, the impact of the fires and the smoke haze does nothing to welcome tourists to our major cities and parklands over the coming, commercially profitable, Christmas/New Year break, with many hotels and event organisers reporting record reductions in bookings.

    While we may not know the true impact of these fires on our environment, communities and businesses for many months, what we do know is that the ‘heart’ of the Bushfire season hasn’t even started, with January and February set to be hot and dry.

    Business will continue to be impacted, some industries more than others. So, take time now to identify and define a clear business continuity plan in preparation for what is predicted to be a tough summer ahead.

  • Working from Home: COVID-19 Themed Social Engineering Attacks

    Working from Home: COVID-19 Themed Social Engineering Attacks

    As organisations and schools increasingly move to institute social distancing measures with work from home arrangements, how can we stay safe and secure online?

    The heightened fear and anxiety around the COVID-19 pandemic is the perfect vehicle for cyber criminals. One of the methods they use is social engineering attacks. Already, there have been reports of coronavirus-themed attacks designed to trick people into opening documents or clicking on links.

    As employers rightfully double-down on their social distancing strategy and employees connect to the company network remotely – often through home wi-fi networks (with varying levels of security), cyber-criminals have more opportunities and ways to break into company networks.

    COVID-19 themed social engineering attacks

    Emotet appears to be the malware of choice for COVID-19 themed social engineering attacks. In one case, hackers sent phishing emails posing as the U.S Center for Disease Control and Prevention, the World Health Organisation and health agencies from specific countries to recipients.

    These emails purported to contain infection-prevention measures for COVID-19 and instructed recipients to open attached documents. If opened, the target computer could be infected with malware allowing these hackers to gain an upper hand – and possibly make their way into the company’s network.

    A public sector entity of Mongolia was recently targeted by a similar attack. This time in the form of press releases purported to have come from the Mongolian Ministry of Foreign Affairs. The malware was designed to take screenshots, exfiltrate, delete and edit files, and remotely execute processes.

    Social engineering prevention

    As social engineers manipulate curiosity, fear, anxiety and panic to draw in their victims, awareness and education is the key to prevention.

    Employees should be vigilant at all times and the following tips may help improve your cyber resilience to social engineering attacks:

    • Don’t open emails and attachments from unknown or suspicious sources
    • Where possible, use multi-factor authentication to secure your accounts
    • Be wary of tempting offers. If it’s too good to be true, it probably is!
    • Keep your antivirus software updated

    Consider these other tips to stay safe and secure online

    • Using a VPN is an important step in securing your connection to a corporate network.
    • Be mindful of where and who you are communicating with. If you are at a café or other public space:
      • Do not use public Wi-Fi
      • Do not work on documents that can be easily overseen by others.
    • Look at the security of your home network – change default router usernames and passwords.
    • Consider the security of physical documents, USB thumb drives and other media you might be using. Can these be disposed of securely?
  • Strengthening cyber resilience in a COVID worlds

    Strengthening cyber resilience in a COVID worlds

    COVID-19 has transformed the way we work in unprecedented ways, with more people working from home in the longest work from home experiment the world has ever experienced. As organisations re-establish business operations in a phased easing of restrictions, it’s expected that many working from home arrangements will continue.

    For organisations to operate successfully in the new normal, maintaining cyber resilience is paramount. Already, in the month of May, we’ve seen a rise in large scale cyber attacks on Australian businesses.

    Besides the damages and disruption to an organisation’s operations, successful cyber attacks could:

    • result in substantial financial loss.
    • damage an organisation’s reputation and erode customer and shareholder trust and confidence.
    • have legal consequences – data protection and privacy laws across many countries require organisations to safely manage all personal data. If the data is compromised and appropriate security measures cannot be proven, organisations may face potentially large fines.

    Key considerations for maintaining cyber security in a COVID world.

    Importantly, concentrating on your people’s cyber security skills can lessen the risks from social engineering attacks (including phishing). These threats are often successful when an employee inadvertently clicks on a link or open an infected file. Recognising these threats is vital to mitigate the risk of a large scale cyber attack on your organisation.

    Technology

    From a technology standpoint, organisations can implement a range of control measures. These may include firewalls, endpoint detection and response software, virtual private networks (VPN), data encryption and multi-factor authentication (MFA).

    Training and education

    Another essential pillar in meeting the COVID-19 threat environment is ensuring we can react when things don’t go to plan. For example, by simulating realistic cyber scenario exercises relevant to COVID-19 in a BAU environment.

    Consider deploying a regular and robust employee cyber education program (which may include phishing your own people). Training employees to identify email anomalies such as unrecognised sender email addresses and unexpected messages, will improve the organisation’s front-line defence.

    Planning

    Despite having emergency response and business continuity plans, many organisations were underprepared for COVID-19. The pandemic (now considered a live exercise) has provided an opportunity for organisations to plan for further threats – including cyber attacks.

    These attacks need to be managed in the ‘new normal’ where the executive team are most likely dispersed and working from home. In this environment, executive team members need the capabilities to manage multiple risks. Planning for parallel events and conducting table-top scenario exercises remotely could add an additional layer of challenge for the response team and enhance their response capabilities.

    RiskLogic is here to work with you through COVID-19 to identify cyber security opportunities for resilience and help you prepare for a successful recovery.

    Do you like what you’re reading? Subscribe to our newsletter to receive content like this direct to your inbox.

  • A well-established La Niña is heading our way

    A well-established La Niña is heading our way

    A break from serious bushfires in Australia comes in the form of a good dumping of rain. Just when we thought we may get a break from this terrible natural event, we get news of another in the form of too much rain.

    With La Niña well and truly set in for the 2020-2021 summer, the threat landscape is looking challenging once again when considering our natural disaster risk.

    The facts on La Niña so far

    December to February rainfall is likely to be above average across most of Australia, except west coast Tasmania. The average daytime temperatures during December to February are likely to be above the long-term average across parts of southeast and far west Australia, as well as along the northern coastline.

    Furthermore, the average night-time temperatures during December to February are very likely to be above the long-term average across almost all of Australia.

    La Niña is underway in the tropical Pacific which typically increases the likelihood of above average rainfall across eastern Australia during summer.

    In this blog, we’ll break down a few immediate considerations and statistics you need to know to understand whether La Niña is a risk to your business and people.

     

    Increased flood potential

    Where 2019 presented a fire disruption like never before, La Niña will provide the heightened risk of flooding. Many organisations will need to reassess their location and combined risks, but it’s important to consider that flooding alone may not be the biggest threat with this natural disaster.

    Your staff working from home brings with it many complications. If you’re implementing a work-from-home (WFH) strategy, consider that some of your people may already be living in flood zones. If you’ve implemented WFH off the back of government requirements, you’re unlikely to have a secondary  place of work. This could mean key staff are now unavailable.

    If your staff are able to come into the office, flooding can delay or permanently impact travel routes or business trips. What does this look like for you?

    Supply chain and third party suppliers that rely on travel could once again be hindered by weather related events. We’re quite aware of this from previous seasons, but it seldom occurs during an existing crisis of this scale. Could your suppliers handle two disruptions of this size? Have they proven to you they have validated their response here?

    Increased potential for utility and communications outages

    Workplaces, worksites, working from home, clients in the community (supported persons or independent living) can all be disrupted by events like flooding. Procedures need to be established to ensure there are backup plans for communication outages.

    For example, the extreme heat, flooding and fire risk Australia is continuously presented with often takes out key requirements like your internet and phone line.

    The Australian Energy Market Operator has warned of a heightened risk of power outages as an offset of COVID-19, specifically in Victoria during high demand summer days. Organisations need to consider how power outages could impact them when looking at COVID work arounds.

    Can your key people still communicate if that happens – especially from a work from home set up.

    Each region is different, verify yours

    It’s important to understand the risks specific to your region and your supply chain, then verify your response strategies unique to it.

    Consider:

    1. Potential weather-related risks for your locations.
    2. Review and confirm the relocation / redundancy strategies in your business continuity plan (BCP). Consider if there is potential for your primary and redundancy locations to be affected by the same event as we mentioned above?
    3. Review and confirm the recovery strategy for loss of ICT in your BCP. Consider: how will your team communicate in the event of a loss of key systems?
    4. Review and confirm strategies for unavailability of staff (e.g. who cannot travel due to flooding)

    How to prepare right now

    In order to be ready for whatever is thrown at us over summer this year, you need to discuss some key points with your team.

    1. What arrangements will you need to put in place to be ready for potential weather hazards?

    Look at your work from home strategy and consider what outages you can and cannot afford. What key people need to be reachable at all times? How does the pandemic affect how you can react to a significant natural disaster. Remember, things are different now, so your plans are also likely out of date.

    1. Confirm the process to be followed in the event of a denial of access or building outage (actual or potential) including notification and relocation.

    Often, denial of access is sudden and requires immediate action at very short notice. COVID-19 has allowed us to practice and engage different working structures and collaboration to what we’re used to. What worked well in this experience and what can be reiterated during La Niña?

    1. Confirm the process to be followed in the event of a loss of IT or communications system (including for dispersed workforce).

    Does all your team have the ability for IT to access their laptops or workstations? How clear is this to the wider team? Make sure this is communicated with your suppliers too.

    In summary

    However this weather event affects you, it’s important you give it as much respect and attention as COVID-19 is getting. Afterall, there is no doubt that both events will coincide with each other soon enough.

  • When life imitates a crisis exercise

    When life imitates a crisis exercise

    What would you do if you could predict the future?

    Some people say they would go to the racetrack and make their fortune. Others with a more altruistic bent say they would use their super power to avert tragedy or mayhem.

    We don’t have a crystal ball at RiskLogic, but because we run over 200 crisis and business continuity exercises a year, we do spend a lot of time looking into the future and have become very accurate at anticipating disaster (see examples below).

    Four times a week we stress test an executive team somewhere in Australia, New Zealand or around the world.

    To come up with the exercise scenarios, we collaborate closely with our clients to review their risk register, look at trends in their industry and analyse domestic and international events.

    Our primary objective is to make the exercises as realistic as possible. We develop scenarios where the likelihood and the consequences combine to keep their CEOs and Boards awake at night.

    Given the amount of risk data that we’re privileged to have access to, it is not a total surprise that these hypothetical scenarios often eventuate in real life, sometimes just days or weeks after we have run the exercise.

    It is a constant reminder that crisis events and major business disruptions are “a question of when, not if”.

    Here are a few examples of exercises we have run recently that have quickly turned to reality.

    Client: Horticulture producer, Vic
    Exercise scenario: multiple bushfires on a Code Red day that threatened their large-scale orchard and production facility.
    Reality: two weeks later a bushfire started just a couple of kilometres from the scenario ignition site, on the region’s second ever Code Red day.

    Client: Major Australian port operator
    Exercise scenario: a large container ship running into a dock in strong winds, causing a large container crane to collapse.
    Reality: just four days later in Antwerp, a large container ship broke it’s mooring in strong winds, striking a crane and causing it to collapse. The dramatic footage can be found here.

    Client: A major shopping centre
    Exercise scenario: a CBD lockdown as active shooters took lives and hostages in a terrorist attack in the heart of Sydney.
    Reality: two months later, parts of the Sydney CBD were locked down as a man went on a knife rampage, stabbing a woman and terrorising city workers.

    Client: Unnamed
    Exercise scenario: a senior staff member arrested and charged on fraud charges, causing major reputational damage.
    Reality: six months later, a senior staff member was arrested and charged, creating significant logistical and HR challenges and adverse media coverage.

    It goes without saying that our clients were extremely well prepared to handle these highly volatile issues.

    They were smart. They set aside just three hours in their year to test drive a crisis and build their capability and confidence before they faced the real thing.

    Investing in organisational resilience is good for your business and your people. So to avoid being caught out, get on the front foot and book in a crisis or business continuity exercise for 2020.

  • Integrating Fatigue Management programs into Business Continuity

    Integrating Fatigue Management programs into Business Continuity

    The increase in 24 hour business operations and longer work shifts has highlighted the need for effective fatigue management strategies. Research has shown that fatigue can have significant impacts on a business including:

    • Reduced productivity (through impaired performance, errors, etc.)
    • Increased accidents (15–20% of accidents in transport operations are related to fatigue, surpassing that of alcohol or drug-related incidents)
    • Increased personnel costs (e.g. lost time, absenteeism)

    In addition, fatigue has significant personal costs to employees including contributing to health problems such as gastrointestinal and cardiovascular disorders as well as the disruption of family and social life.

    The importance of fatigue management programs is reflected in the increasing number of legislated requirements and industry guidelines that have appeared both locally and internationally. Within Australia, regulations governing work and break schedules have been in place for many years within the trucking industry.  Similar regulations or guidelines exist for other industries including rail, oil and gas and mining.

    What is Fatigue?

    Fatigue is an acute or ongoing state of tiredness that affects employee performance, safety and health. Fatigue is cumulative – it builds up, leading to a progressive loss of alertness that ultimately causes the person to fall asleep.

    The effects of fatigue include: 

    • Loss of alertness – Loss of alertness is an early sign of fatigue and may include minor memory lapses or difficulty in operating equipment safety.
    • Poor judgement – Fatigue affects the ability to think clearly and to make safety-related decisions.  The problem is compounded by the fact that someone who is very fatigued may underestimate how fatigued they are.
    • Mood change – Fatigued can cause irritability, agitation and the tendency to overreact to issues that arise.
    • Drowsiness – When drowsy, a person may experience “microsleeps’ of   3 to 5 seconds. This can be critical if operating heavy machinery or travelling at high speeds. Eventually, this drowsiness can lead to the person falling asleep.

    Causes of Fatigue

    There are several factors that contribute to fatigue. These include:

    Disruption of circadian rhythms

    The body has natural or ‘circadian’ rhythms that are repeated approximately every 24 hours. These rhythms regulate sleeping patterns, body temperature, hormone levels, digestion and many other functions. When these rhythms become ‘out of sync’ due to factors such as different sleeping or eating times or even changes in the exposure to light, fatigue can result. A common example of this is jet lag.

    Sleep factors

    The amount and quality of sleep is critical to preventing fatigue. People who do not have enough sleep will incur a ‘sleep debt’. This sleep debt is cumulative and will continue to build up if there is insufficient sleep.

    The quality of the sleep is also important. Poor sleep quality is a common problem for those on shift-work since it is often difficult to attain restful sleep during the day or if there is considerable noise.

    Health factors

    Many health factors and lifestyle choices contribute to fatigue. For instance, individuals with sleep apnoea (a breathing obstruction during sleep that causes oxygen starvation) do not get enough sleep because they wake frequently during the night. Other health conditions such as diabetes and obesity can also contribute to fatigue as can alcohol, a poor diet, poor physical fitness and the side effects of some medications.

    Work factors

    Work factors can be a major contributor to fatigue. Two common examples are long or excessive hours and inflexible deadlines.

    Integrating fatigue management programs into business continuity

    A risk management approach should be taken when including a fatigue management program into your business continuity planning. The approach may include these key steps:

    • Identifying the hazard
    • Assessing the risks
    • Controlling the risks
    • Monitoring the effectiveness of the program

    Risk management steps application to fatigue management: 

    Identify the hazard

    • Identify all jobs that are at risk of excessive fatigue
    • Identify who may be affected
    • Identify the causes of fatigue

    Assess the risks

    • Identify the potential consequences of fatigue in the selected jobs.
    • Determine the likelihood of an incident.
    • Assess the level of risk using a risk rating matrix.

    Controlling the risks

    • Determine the improvements required to reduce the risk to an acceptable level.

    Monitor effectiveness

    • Implement a system for reporting fatigue related problems.
    • Monitor any alterations to shift-work schedules and/or work conditions.
    • Periodically review the effectiveness of your control measures and the overall program effectiveness.

    Controlling fatigue

    Controlling fatigue in the workplace ideally involves a number of different approaches that provide several protective ‘barriers’. This may include:

    1. Ensure adequate staffing levels: As a first step, it is important to ensure that adequate staffing levels have been set in order to enable control over other factors such shift length, amount of overtime and the average time off duty.
    2. Shift scheduling: In addition to mandatory limits that may exist for shift lengths and rest periods, optimal shift schedules require consideration of issues such as shift structure (eg. permanent or rotating shifts), shift patterns (eg. fast versus slow rotation of shifts) and rest breaks during and between shifts. Shift schedules should also account for factors such as the employee’s commuting time to and from work, employees swapping shifts or overtime assignments. This is best addressed by using fatigue risk models to assess actual (rather than planned) work-rest patterns and to place limits on the number of consecutive working hours or the number of days worked in a row.
    3. Employee fatigue training & sleep disorder management: It is also important to educate employees on the causes of fatigue and the ways that they can manage their personal fatigue risk. This includes coping with shift-work lifestyle issues and understanding health conditions that may affect the quality of sleep.
    4. Workplace environment design: Changes in the workplace can also assist in overcoming reduced alertness caused by out of sync circadian rhythms or inadequate sleep. Changes in environmental factors such as the lighting intensity, sound levels, temperature and humidity can be helpful in this regard.
    5. Alertness monitoring & fitness for duty: A final line of defence is to put measures in place that identify employees who are not suitable for work. Technologies such as alertness monitors and fitness for duty tests are options that can be considered for this purpose.

    By taking a systematic approach to fatigue management by including these risks into business continuity plans, companies can minimise fatigue-related incidents while improving employee well being and ensuring compliance with OHS regulations and best practices.

  • Crisis Management in Tourism – When Tragedy Strikes

    Crisis Management in Tourism – When Tragedy Strikes

    The tourism industry has experienced exponential increase in global travel in recent decades, but with this comes new challenges. Organisations conducting travel, such as travel companies, schools or universities, are facing growing pressures to efficiently manage natural disasters or man-made catastrophes around the globe.

    Last year was no exception, with several events creating enormous challenges in crisis management for the industry, their staff, the local population and the travelling public.

    Human intervention caused traveller chaos in many popular destinations including:

    • Civil unrest in Paris
    • Protest activity in Hong Kong
    • The Christchurch mosque shootings
    • Easter Sunday bombings in Sri Lanka
    • London Bridge stabbing attack

    Meanwhile mother nature didn’t make it any easier:

    • The ongoing eruptions of Mt Agung on Bali and Mt Sinabung on Sumatra
    • The Mt White eruption in New Zealand
    • One of the deadliest climbing seasons on Mt Everest
    • The typhoon in Japan that cancelled Rugby World Cup matches
    • Hurricane Barry on the Gulf Coast of USA
    • Hurricane Dorian in The Bahamas

    And of course, domestically Australia faced the worst bushfire season on record.

    These events in popular destinations are a sobering reminder of how a happy holiday, or group tour, can quickly and unexpectedly turn into a tragic nightmare.

    Hope for the best, plan for the worst

    With every incident that occurs, the question is raised as to how this will impact the travel industry.

    “Such events can turn people away from a particular area. They also place greater crisis response expectations on travel companies, tour operators, or even school and university groups,” says Briony Morgan, Senior Manager of RiskLogic’s Resilience Services. “It’s imperative that organisations are properly prepared for a worst-case scenario.”

    As well as completing a risk assessment, companies need to invest time, money and resources into developing a comprehensive crisis management plan. At a minimum, the plan should include:

    • Assessment and decision-making tools
    • Communications plan including stakeholder map, key messages for various scenarios, roles and responsibilities, agreed approval processes and checklists to ensure all channels and tactics are considered.
    • Resources available
    • Escalation and notification processes.

    “A crisis management plan that sits on a shelf gathering dust is next to useless,” says Jessica Petersen – Manager, Resilience Services at RiskLogic. “The crisis management plan has to be practical. Staff must be trained and rehearsed using scenario exercises so that everyone in the organisation is confident and capable of executing the plan if an incident strikes. A generic plan won’t suit every organisation as it needs to be tailored. It must clearly define duty of care as well as identify responsibilities from on-the-ground tour leaders right through to the strategic and executive teams making decisions on behalf of the organisation.”

    Communication is a critical component

    Not receiving accurate and timely information in a crisis creates anxiety and frustration for those involved in the disaster and their loved ones who are desperate for news.

    Although social media has the potential to spread news quickly, there can be limitations around accuracy, including the potential for uncorrected misinformation to morph into myths that are believed to be fact.

    Emergency services and government authorities such as Australia’s Department of Foreign Affairs and Trade (DFAT) may also have limitations as to what information they can or can’t confirm in a crisis, particularly if the next of kin have not yet been informed.

    “In the absence of information, people always assume the worst,” confirms Briony Morgan . “A slow or poor communications response has the potential to exacerbate the negative impact to stakeholders. Media and armchair experts can start criticising the company for mismanaging the situation, adding fuel to the fire.”

    “Tour and travel companies need a comprehensive Crisis Communications Plan to ensure they can reach all their stakeholders quickly and accurately.”

    A ‘hub and spoke’ model of communication is very effective in a crisis, where you place all your public information in the hub. Your website is often the best hub, but Twitter can also be used as your ‘single source of truth’ to communicate a rapidly changing issue. You then use your spokes, which are all your available communication channels (owned, earned and paid), to deliver your message to the wide circle of stakeholders around you.

    Global travel will continue to rise

    People have been roaming the planet for centuries whether on pilgrimages, to experience different cultures or see new sights. Despite the increasing risks from a number of natural and man-made events, many people will continue to seek adventure and new experiences. To help protect people when disaster does strike, travel companies must be prepared with a robust crisis management plan, the latest tools and a well-rehearsed team that can effectively manage any critical incident.

  • A Trigger for Business Continuity

    A Trigger for Business Continuity

    The 2019 novel Coronavirus (or 2019-nCOV) – first detected in Wuhan, China in December, has quickly spread globally with reports of suspected cases of coronavirus in Australia, US and the Philippines. The same province in China saw the origins of severe acute respiratory syndrome (SARS), and is a region considered globally as high risk, regarding emerging infectious diseases (EID).

    Many factors contribute to the emergence of novel viruses; overcrowding, loss of animal habitats, close human / animal cohabitation and climate change, with rapidly mutating viruses more common among emerging pathogens. As climate change and its impacts are amongst the top 3 global risks to businesses, an outbreak may be a trigger for business continuity.

    Source of the Coronavirus

    Health authorities are still working out the source of this new virus. A likely zoonotic disease, it was first thought to originate from a seafood and live animal market in Wuhan, China. Human-to-human transmission has since been confirmed. Although the virulence of this virus is not considered severe, its spread geographically, has been fuelled by the increase in travel due to the Luna New Year celebrations.

    The World Health Organisation (WHO) has issued a number of statements over recent days, reinforcing the need for on-going active monitoring and preparedness in affected and other countries. WHO has issued guidance on how to detect and treat persons ill with coronavirus.

    It is great to see that the regional laboratories were able to generate an in-house PCR test (genetic test) so quickly. By doing so, they have allowed other countries like Australia to follow suit, with a recent suspected case in Brisbane, the first to be tested.

    Incorporating an outbreak response into your business continuity planning

    The WHO Director will continue to monitor the event through the activation of its incident management system at country, regional and headquarters levels. At this point in time, the IHR Emergency Committee has not declared the event a public health emergency but will reassess regularly.

    The Australian Government Department of Health has released an information page and will activate biosecurity measures at the borders.

    The emergence of 2019 novel coronavirus  is a timely reminder of the unpredictable nature of infectious disease outbreaks and the ease at which they can spread in a world that is hyper-connected, both at the human and animal level. The impacts of an outbreak and potential human pandemic can include loss of staff, reduction in processes, loss of revenue and human and animal travel restrictions. The key to tackling such a threat is rapid identification, good hygiene practices and infection control, at our borders, hospitals, workplaces and homes.

    Further to that, is the need to improve business continuity plans to include identified strategies for dealing with these potential impacts. Raising awareness of outbreak prevention and business resumption strategies, will strengthen your ability to remain flexible and adapt to such a threat.

  • Managing Concurrent Incidents: Learning from the Australian Open

    Managing Concurrent Incidents: Learning from the Australian Open

    Written by Senior Manager Joanne Costa.

    The Australian Open was one of the most closely watched ‘will it–won’t it?’ events of the last 12 months. When considering the ongoing concurrent incidents the world was seeing, there were major concerns, and rightfully so.

    It was one of the first major international sporting tournaments to be held in Australia since our borders were closed and the organisers had to respond to a series of high profile incidents and challenges before the first serve had even been taken.

    Concurrent incidents are real and will happen

    This year the focus for the Open was how to run a major event during a pandemic, but other concurrent incidents and risks were just as present as in previous years.

    The organisers still needed to be able to respond to ongoing safety and security issues, extreme weather events, facility and infrastructure outages or even cyber-related risks that arose.

    But this year, the Open had the added pressure of responding to these concurrent incidents while maintaining the controls and arrangements in place for COVID-19.

    Despite this seeming like an impossible challenge to many onlookers, organisers of events like the Australian Open are primed, ready and very experienced at responding to concurrent incidents.

    They do this through rigorous awareness, planning, training and testing to ensure that they can respond to any incident, or multiple incidents, in a quick, consistent and controlled manner.

    While not all organisations have the same risk profile as the Australian Open, it is still paramount to be ready and prepared to respond to two or more incidents occurring simultaneously.

    This is now more relevant than ever as we manage the ongoing impacts and challenges of COVID-19 through 2021.

    For you, this could be a power outage affecting your staff who are working from home, or a lockdown and bushfire occurring at the same time as we saw earlier this year in WA.

    The last year has proven that we cannot fall back on the “oh, that’ll never happen” mindset because unfortunately it can, and for some, it will.

    So what are the key questions to be challenging ourselves with?

    Key questions and considerations:

    • Do you have a clear understanding of your current risk profile and the types of incidents most likely to impact your location, industry, organisation or event?
      • Have they changed over the last 12 months?
    • Are you proactively monitoring your risks and vulnerabilities?
      • Who is keeping watch on weather conditions?
      • Who is on the lookout for irregular online activity?
      • How quickly will you find out if something does occur?
    • If you do need to respond to another incident, who will lead the response?
      • If you have a team currently activated for COVID-19, does it have the capacity to manage a second incident, or will you need to stand up a separate team or additional team members?
    • How resilient is your capacity to manage and resolve concurrent incidents and do you test and validate your resilience through regular exercising?

    At RiskLogic we work with our clients to help answer these questions by applying our proven planning, training, and exercising approach to enhance and validate your resilience. It is a system used by hundreds of our clients of all sizes and is well-tested for the current threat environment.

    It is important not to just think about how you would respond but to proactively review your plans, update your risk profiles, train your response teams, and give a credible scenario a dry run. Identify and address gaps now, not once you are faced with the impacts of a second or even third concurrent incident.

    I encourage you to challenge yourselves. Are you ready? And can you prove it?